From: Jian J Wang Date: Mon, 22 Jan 2018 05:06:08 +0000 (+0800) Subject: ShellPkg/UefiShellLevel3CommandsLib: fix string over-read X-Git-Tag: edk2-stable201903~2543 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=c3492bd9bb464ea1dcb3601c43a7dd941bdcb254 ShellPkg/UefiShellLevel3CommandsLib: fix string over-read In the for-loop condition of original code, the expression *CurrentCommand != CHAR_NULL is put before expression CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) When CurrentCommand walks to the end of string buffer, one more character over the end of string buffer will be read and then stop. To fix this issue, just move the last expression to the first one. Because of short-circuit evaludation of and-expression, the following one *CurrentCommand != CHAR_NULL will not be evaluated if the expression before it is evaludated as FALSE. Cc: Ruiyu Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang Reviewed-by: Ruiyu Ni --- diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c index a71ade3a20..f6159c1335 100644 --- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c +++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c @@ -397,7 +397,7 @@ ShellCommandRunHelp ( CopyListOfCommandNamesWithDynamic(&SortedCommandList, &SortedCommandListSize); for (CurrentCommand = SortedCommandList - ; CurrentCommand != NULL && *CurrentCommand != CHAR_NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) + ; CurrentCommand != NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) && *CurrentCommand != CHAR_NULL ; CurrentCommand += StrLen(CurrentCommand) + 1 ) { //